Improve password generation for link shares

Use web crypto when generating password for link shares
whenever the password policy app is disabled.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>

apps/files_sharing/js/dist/files_sharing_tab.js

@@ -2126,7 +2126,7 @@ var g=function(){function t(e){var n,r,i;!function(t,e){if(!(t instanceof e))thr
  * You should have received a copy of the GNU Affero General Public License
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  *
- */var z=new h,H="abcdefgijkmnopqrstwxyzABCDEFGHJKLMNPQRSTWXYZ23456789",$=function(){return Q.apply(this,arguments)};function Q(){return(Q=G(regeneratorRuntime.mark((function t(){var e;return regeneratorRuntime.wrap((function(t){for(;;)switch(t.prev=t.next){case 0:if(!z.passwordPolicy.api||!z.passwordPolicy.api.generate){t.next=12;break}return t.prev=1,t.next=4,p.a.get(z.passwordPolicy.api.generate);case 4:if(!(e=t.sent).data.ocs.data.password){t.next=7;break}return t.abrupt("return",e.data.ocs.data.password);case 7:t.next=12;break;case 9:t.prev=9,t.t0=t.catch(1),console.info("Error generating password from password_policy",t.t0);case 12:return t.abrupt("return",Array(10).fill(0).reduce((function(t,e){return t+=H.charAt(Math.floor(Math.random()*H.length))}),""));case 13:case"end":return t.stop()}}),t,null,[[1,9]])})))).apply(this,arguments)}r(541);function V(t,e,n,r,i,a,o){try{var s=t[a](o),l=s.value}catch(t){return void n(t)}s.done?e(l):Promise.resolve(l).then(r,i)}function W(t){return function(){var e=this,n=arguments;return new Promise((function(r,i){var a=t.apply(e,n);function o(t){V(a,r,i,o,s,"next",t)}function s(t){V(a,r,i,o,s,"throw",t)}o(void 0)}))}}
+ */var z=new h,H="abcdefgijkmnopqrstwxyzABCDEFGHJKLMNPQRSTWXYZ23456789",$=function(){return Q.apply(this,arguments)};function Q(){return(Q=G(regeneratorRuntime.mark((function t(){var e,n,r,i,a;return regeneratorRuntime.wrap((function(t){for(;;)switch(t.prev=t.next){case 0:if(!z.passwordPolicy.api||!z.passwordPolicy.api.generate){t.next=12;break}return t.prev=1,t.next=4,p.a.get(z.passwordPolicy.api.generate);case 4:if(!(e=t.sent).data.ocs.data.password){t.next=7;break}return t.abrupt("return",e.data.ocs.data.password);case 7:t.next=12;break;case 9:t.prev=9,t.t0=t.catch(1),console.info("Error generating password from password_policy",t.t0);case 12:for(n=new Uint8Array(10),r=H.length/255,self.crypto.getRandomValues(n),i="",a=0;a<n.length;a++)i+=H.charAt(n[a]*r);return t.abrupt("return",i);case 18:case"end":return t.stop()}}),t,null,[[1,9]])})))).apply(this,arguments)}r(541);function V(t,e,n,r,i,a,o){try{var s=t[a](o),l=s.value}catch(t){return void n(t)}s.done?e(l):Promise.resolve(l).then(r,i)}function W(t){return function(){var e=this,n=arguments;return new Promise((function(r,i){var a=t.apply(e,n);function o(t){V(a,r,i,o,s,"next",t)}function s(t){V(a,r,i,o,s,"throw",t)}o(void 0)}))}}
 /**
  * @copyright Copyright (c) 2019 John Molakvoæ <skjnldsv@protonmail.com>
  *

apps/files_sharing/src/utils/GeneratePassword.js

@@ -24,6 +24,7 @@ import axios from '@nextcloud/axios'
 import Config from '../services/ConfigService'
 
 const config = new Config()
+// note: some chars removed on purpose to make them human friendly when read out
 const passwordSet = 'abcdefgijkmnopqrstwxyzABCDEFGHJKLMNPQRSTWXYZ23456789'
 
 /**
@@ -46,10 +47,12 @@ export default async function() {
 		}
 	}
 
-	// generate password of 10 length based on passwordSet
-	return Array(10).fill(0)
-		.reduce((prev, curr) => {
-			prev += passwordSet.charAt(Math.floor(Math.random() * passwordSet.length))
-			return prev
-		}, '')
+	const array = new Uint8Array(10)
+	const ratio = passwordSet.length / 255
+	self.crypto.getRandomValues(array)
+	let password = ''
+	for (let i = 0; i < array.length; i++) {
+		password += passwordSet.charAt(array[i] * ratio)
+	}
+	return password
 }